1 /* Userspace key control operations 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/syscalls.h> 17 #include <linux/key.h> 18 #include <linux/keyctl.h> 19 #include <linux/fs.h> 20 #include <linux/capability.h> 21 #include <linux/string.h> 22 #include <linux/err.h> 23 #include <linux/vmalloc.h> 24 #include <linux/security.h> 25 #include <asm/uaccess.h> 26 #include "internal.h" 27 28 static int key_get_type_from_user(char *type, 29 const char __user *_type, 30 unsigned len) 31 { 32 int ret; 33 34 ret = strncpy_from_user(type, _type, len); 35 if (ret < 0) 36 return ret; 37 if (ret == 0 || ret >= len) 38 return -EINVAL; 39 if (type[0] == '.') 40 return -EPERM; 41 type[len - 1] = '\0'; 42 return 0; 43 } 44 45 /* 46 * Extract the description of a new key from userspace and either add it as a 47 * new key to the specified keyring or update a matching key in that keyring. 48 * 49 * If the description is NULL or an empty string, the key type is asked to 50 * generate one from the payload. 51 * 52 * The keyring must be writable so that we can attach the key to it. 53 * 54 * If successful, the new key's serial number is returned, otherwise an error 55 * code is returned. 56 */ 57 SYSCALL_DEFINE5(add_key, const char __user *, _type, 58 const char __user *, _description, 59 const void __user *, _payload, 60 size_t, plen, 61 key_serial_t, ringid) 62 { 63 key_ref_t keyring_ref, key_ref; 64 char type[32], *description; 65 void *payload; 66 long ret; 67 bool vm; 68 69 ret = -EINVAL; 70 if (plen > 1024 * 1024 - 1) 71 goto error; 72 73 /* draw all the data into kernel space */ 74 ret = key_get_type_from_user(type, _type, sizeof(type)); 75 if (ret < 0) 76 goto error; 77 78 description = NULL; 79 if (_description) { 80 description = strndup_user(_description, PAGE_SIZE); 81 if (IS_ERR(description)) { 82 ret = PTR_ERR(description); 83 goto error; 84 } 85 if (!*description) { 86 kfree(description); 87 description = NULL; 88 } 89 } 90 91 /* pull the payload in if one was supplied */ 92 payload = NULL; 93 94 vm = false; 95 if (_payload) { 96 ret = -ENOMEM; 97 payload = kmalloc(plen, GFP_KERNEL | __GFP_NOWARN); 98 if (!payload) { 99 if (plen <= PAGE_SIZE) 100 goto error2; 101 vm = true; 102 payload = vmalloc(plen); 103 if (!payload) 104 goto error2; 105 } 106 107 ret = -EFAULT; 108 if (copy_from_user(payload, _payload, plen) != 0) 109 goto error3; 110 } 111 112 /* find the target keyring (which must be writable) */ 113 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 114 if (IS_ERR(keyring_ref)) { 115 ret = PTR_ERR(keyring_ref); 116 goto error3; 117 } 118 119 /* create or update the requested key and add it to the target 120 * keyring */ 121 key_ref = key_create_or_update(keyring_ref, type, description, 122 payload, plen, KEY_PERM_UNDEF, 123 KEY_ALLOC_IN_QUOTA); 124 if (!IS_ERR(key_ref)) { 125 ret = key_ref_to_ptr(key_ref)->serial; 126 key_ref_put(key_ref); 127 } 128 else { 129 ret = PTR_ERR(key_ref); 130 } 131 132 key_ref_put(keyring_ref); 133 error3: 134 if (!vm) 135 kfree(payload); 136 else 137 vfree(payload); 138 error2: 139 kfree(description); 140 error: 141 return ret; 142 } 143 144 /* 145 * Search the process keyrings and keyring trees linked from those for a 146 * matching key. Keyrings must have appropriate Search permission to be 147 * searched. 148 * 149 * If a key is found, it will be attached to the destination keyring if there's 150 * one specified and the serial number of the key will be returned. 151 * 152 * If no key is found, /sbin/request-key will be invoked if _callout_info is 153 * non-NULL in an attempt to create a key. The _callout_info string will be 154 * passed to /sbin/request-key to aid with completing the request. If the 155 * _callout_info string is "" then it will be changed to "-". 156 */ 157 SYSCALL_DEFINE4(request_key, const char __user *, _type, 158 const char __user *, _description, 159 const char __user *, _callout_info, 160 key_serial_t, destringid) 161 { 162 struct key_type *ktype; 163 struct key *key; 164 key_ref_t dest_ref; 165 size_t callout_len; 166 char type[32], *description, *callout_info; 167 long ret; 168 169 /* pull the type into kernel space */ 170 ret = key_get_type_from_user(type, _type, sizeof(type)); 171 if (ret < 0) 172 goto error; 173 174 /* pull the description into kernel space */ 175 description = strndup_user(_description, PAGE_SIZE); 176 if (IS_ERR(description)) { 177 ret = PTR_ERR(description); 178 goto error; 179 } 180 181 /* pull the callout info into kernel space */ 182 callout_info = NULL; 183 callout_len = 0; 184 if (_callout_info) { 185 callout_info = strndup_user(_callout_info, PAGE_SIZE); 186 if (IS_ERR(callout_info)) { 187 ret = PTR_ERR(callout_info); 188 goto error2; 189 } 190 callout_len = strlen(callout_info); 191 } 192 193 /* get the destination keyring if specified */ 194 dest_ref = NULL; 195 if (destringid) { 196 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 197 KEY_WRITE); 198 if (IS_ERR(dest_ref)) { 199 ret = PTR_ERR(dest_ref); 200 goto error3; 201 } 202 } 203 204 /* find the key type */ 205 ktype = key_type_lookup(type); 206 if (IS_ERR(ktype)) { 207 ret = PTR_ERR(ktype); 208 goto error4; 209 } 210 211 /* do the search */ 212 key = request_key_and_link(ktype, description, callout_info, 213 callout_len, NULL, key_ref_to_ptr(dest_ref), 214 KEY_ALLOC_IN_QUOTA); 215 if (IS_ERR(key)) { 216 ret = PTR_ERR(key); 217 goto error5; 218 } 219 220 /* wait for the key to finish being constructed */ 221 ret = wait_for_key_construction(key, 1); 222 if (ret < 0) 223 goto error6; 224 225 ret = key->serial; 226 227 error6: 228 key_put(key); 229 error5: 230 key_type_put(ktype); 231 error4: 232 key_ref_put(dest_ref); 233 error3: 234 kfree(callout_info); 235 error2: 236 kfree(description); 237 error: 238 return ret; 239 } 240 241 /* 242 * Get the ID of the specified process keyring. 243 * 244 * The requested keyring must have search permission to be found. 245 * 246 * If successful, the ID of the requested keyring will be returned. 247 */ 248 long keyctl_get_keyring_ID(key_serial_t id, int create) 249 { 250 key_ref_t key_ref; 251 unsigned long lflags; 252 long ret; 253 254 lflags = create ? KEY_LOOKUP_CREATE : 0; 255 key_ref = lookup_user_key(id, lflags, KEY_SEARCH); 256 if (IS_ERR(key_ref)) { 257 ret = PTR_ERR(key_ref); 258 goto error; 259 } 260 261 ret = key_ref_to_ptr(key_ref)->serial; 262 key_ref_put(key_ref); 263 error: 264 return ret; 265 } 266 267 /* 268 * Join a (named) session keyring. 269 * 270 * Create and join an anonymous session keyring or join a named session 271 * keyring, creating it if necessary. A named session keyring must have Search 272 * permission for it to be joined. Session keyrings without this permit will 273 * be skipped over. 274 * 275 * If successful, the ID of the joined session keyring will be returned. 276 */ 277 long keyctl_join_session_keyring(const char __user *_name) 278 { 279 char *name; 280 long ret; 281 282 /* fetch the name from userspace */ 283 name = NULL; 284 if (_name) { 285 name = strndup_user(_name, PAGE_SIZE); 286 if (IS_ERR(name)) { 287 ret = PTR_ERR(name); 288 goto error; 289 } 290 } 291 292 /* join the session */ 293 ret = join_session_keyring(name); 294 kfree(name); 295 296 error: 297 return ret; 298 } 299 300 /* 301 * Update a key's data payload from the given data. 302 * 303 * The key must grant the caller Write permission and the key type must support 304 * updating for this to work. A negative key can be positively instantiated 305 * with this call. 306 * 307 * If successful, 0 will be returned. If the key type does not support 308 * updating, then -EOPNOTSUPP will be returned. 309 */ 310 long keyctl_update_key(key_serial_t id, 311 const void __user *_payload, 312 size_t plen) 313 { 314 key_ref_t key_ref; 315 void *payload; 316 long ret; 317 318 ret = -EINVAL; 319 if (plen > PAGE_SIZE) 320 goto error; 321 322 /* pull the payload in if one was supplied */ 323 payload = NULL; 324 if (_payload) { 325 ret = -ENOMEM; 326 payload = kmalloc(plen, GFP_KERNEL); 327 if (!payload) 328 goto error; 329 330 ret = -EFAULT; 331 if (copy_from_user(payload, _payload, plen) != 0) 332 goto error2; 333 } 334 335 /* find the target key (which must be writable) */ 336 key_ref = lookup_user_key(id, 0, KEY_WRITE); 337 if (IS_ERR(key_ref)) { 338 ret = PTR_ERR(key_ref); 339 goto error2; 340 } 341 342 /* update the key */ 343 ret = key_update(key_ref, payload, plen); 344 345 key_ref_put(key_ref); 346 error2: 347 kfree(payload); 348 error: 349 return ret; 350 } 351 352 /* 353 * Revoke a key. 354 * 355 * The key must be grant the caller Write or Setattr permission for this to 356 * work. The key type should give up its quota claim when revoked. The key 357 * and any links to the key will be automatically garbage collected after a 358 * certain amount of time (/proc/sys/kernel/keys/gc_delay). 359 * 360 * If successful, 0 is returned. 361 */ 362 long keyctl_revoke_key(key_serial_t id) 363 { 364 key_ref_t key_ref; 365 long ret; 366 367 key_ref = lookup_user_key(id, 0, KEY_WRITE); 368 if (IS_ERR(key_ref)) { 369 ret = PTR_ERR(key_ref); 370 if (ret != -EACCES) 371 goto error; 372 key_ref = lookup_user_key(id, 0, KEY_SETATTR); 373 if (IS_ERR(key_ref)) { 374 ret = PTR_ERR(key_ref); 375 goto error; 376 } 377 } 378 379 key_revoke(key_ref_to_ptr(key_ref)); 380 ret = 0; 381 382 key_ref_put(key_ref); 383 error: 384 return ret; 385 } 386 387 /* 388 * Invalidate a key. 389 * 390 * The key must be grant the caller Invalidate permission for this to work. 391 * The key and any links to the key will be automatically garbage collected 392 * immediately. 393 * 394 * If successful, 0 is returned. 395 */ 396 long keyctl_invalidate_key(key_serial_t id) 397 { 398 key_ref_t key_ref; 399 long ret; 400 401 kenter("%d", id); 402 403 key_ref = lookup_user_key(id, 0, KEY_SEARCH); 404 if (IS_ERR(key_ref)) { 405 ret = PTR_ERR(key_ref); 406 goto error; 407 } 408 409 key_invalidate(key_ref_to_ptr(key_ref)); 410 ret = 0; 411 412 key_ref_put(key_ref); 413 error: 414 kleave(" = %ld", ret); 415 return ret; 416 } 417 418 /* 419 * Clear the specified keyring, creating an empty process keyring if one of the 420 * special keyring IDs is used. 421 * 422 * The keyring must grant the caller Write permission for this to work. If 423 * successful, 0 will be returned. 424 */ 425 long keyctl_keyring_clear(key_serial_t ringid) 426 { 427 key_ref_t keyring_ref; 428 long ret; 429 430 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 431 if (IS_ERR(keyring_ref)) { 432 ret = PTR_ERR(keyring_ref); 433 434 /* Root is permitted to invalidate certain special keyrings */ 435 if (capable(CAP_SYS_ADMIN)) { 436 keyring_ref = lookup_user_key(ringid, 0, 0); 437 if (IS_ERR(keyring_ref)) 438 goto error; 439 if (test_bit(KEY_FLAG_ROOT_CAN_CLEAR, 440 &key_ref_to_ptr(keyring_ref)->flags)) 441 goto clear; 442 goto error_put; 443 } 444 445 goto error; 446 } 447 448 clear: 449 ret = keyring_clear(key_ref_to_ptr(keyring_ref)); 450 error_put: 451 key_ref_put(keyring_ref); 452 error: 453 return ret; 454 } 455 456 /* 457 * Create a link from a keyring to a key if there's no matching key in the 458 * keyring, otherwise replace the link to the matching key with a link to the 459 * new key. 460 * 461 * The key must grant the caller Link permission and the the keyring must grant 462 * the caller Write permission. Furthermore, if an additional link is created, 463 * the keyring's quota will be extended. 464 * 465 * If successful, 0 will be returned. 466 */ 467 long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) 468 { 469 key_ref_t keyring_ref, key_ref; 470 long ret; 471 472 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 473 if (IS_ERR(keyring_ref)) { 474 ret = PTR_ERR(keyring_ref); 475 goto error; 476 } 477 478 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_LINK); 479 if (IS_ERR(key_ref)) { 480 ret = PTR_ERR(key_ref); 481 goto error2; 482 } 483 484 ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 485 486 key_ref_put(key_ref); 487 error2: 488 key_ref_put(keyring_ref); 489 error: 490 return ret; 491 } 492 493 /* 494 * Unlink a key from a keyring. 495 * 496 * The keyring must grant the caller Write permission for this to work; the key 497 * itself need not grant the caller anything. If the last link to a key is 498 * removed then that key will be scheduled for destruction. 499 * 500 * If successful, 0 will be returned. 501 */ 502 long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) 503 { 504 key_ref_t keyring_ref, key_ref; 505 long ret; 506 507 keyring_ref = lookup_user_key(ringid, 0, KEY_WRITE); 508 if (IS_ERR(keyring_ref)) { 509 ret = PTR_ERR(keyring_ref); 510 goto error; 511 } 512 513 key_ref = lookup_user_key(id, KEY_LOOKUP_FOR_UNLINK, 0); 514 if (IS_ERR(key_ref)) { 515 ret = PTR_ERR(key_ref); 516 goto error2; 517 } 518 519 ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 520 521 key_ref_put(key_ref); 522 error2: 523 key_ref_put(keyring_ref); 524 error: 525 return ret; 526 } 527 528 /* 529 * Return a description of a key to userspace. 530 * 531 * The key must grant the caller View permission for this to work. 532 * 533 * If there's a buffer, we place up to buflen bytes of data into it formatted 534 * in the following way: 535 * 536 * type;uid;gid;perm;description<NUL> 537 * 538 * If successful, we return the amount of description available, irrespective 539 * of how much we may have copied into the buffer. 540 */ 541 long keyctl_describe_key(key_serial_t keyid, 542 char __user *buffer, 543 size_t buflen) 544 { 545 struct key *key, *instkey; 546 key_ref_t key_ref; 547 char *tmpbuf; 548 long ret; 549 550 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW); 551 if (IS_ERR(key_ref)) { 552 /* viewing a key under construction is permitted if we have the 553 * authorisation token handy */ 554 if (PTR_ERR(key_ref) == -EACCES) { 555 instkey = key_get_instantiation_authkey(keyid); 556 if (!IS_ERR(instkey)) { 557 key_put(instkey); 558 key_ref = lookup_user_key(keyid, 559 KEY_LOOKUP_PARTIAL, 560 0); 561 if (!IS_ERR(key_ref)) 562 goto okay; 563 } 564 } 565 566 ret = PTR_ERR(key_ref); 567 goto error; 568 } 569 570 okay: 571 /* calculate how much description we're going to return */ 572 ret = -ENOMEM; 573 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL); 574 if (!tmpbuf) 575 goto error2; 576 577 key = key_ref_to_ptr(key_ref); 578 579 ret = snprintf(tmpbuf, PAGE_SIZE - 1, 580 "%s;%d;%d;%08x;%s", 581 key->type->name, 582 from_kuid_munged(current_user_ns(), key->uid), 583 from_kgid_munged(current_user_ns(), key->gid), 584 key->perm, 585 key->description ?: ""); 586 587 /* include a NUL char at the end of the data */ 588 if (ret > PAGE_SIZE - 1) 589 ret = PAGE_SIZE - 1; 590 tmpbuf[ret] = 0; 591 ret++; 592 593 /* consider returning the data */ 594 if (buffer && buflen > 0) { 595 if (buflen > ret) 596 buflen = ret; 597 598 if (copy_to_user(buffer, tmpbuf, buflen) != 0) 599 ret = -EFAULT; 600 } 601 602 kfree(tmpbuf); 603 error2: 604 key_ref_put(key_ref); 605 error: 606 return ret; 607 } 608 609 /* 610 * Search the specified keyring and any keyrings it links to for a matching 611 * key. Only keyrings that grant the caller Search permission will be searched 612 * (this includes the starting keyring). Only keys with Search permission can 613 * be found. 614 * 615 * If successful, the found key will be linked to the destination keyring if 616 * supplied and the key has Link permission, and the found key ID will be 617 * returned. 618 */ 619 long keyctl_keyring_search(key_serial_t ringid, 620 const char __user *_type, 621 const char __user *_description, 622 key_serial_t destringid) 623 { 624 struct key_type *ktype; 625 key_ref_t keyring_ref, key_ref, dest_ref; 626 char type[32], *description; 627 long ret; 628 629 /* pull the type and description into kernel space */ 630 ret = key_get_type_from_user(type, _type, sizeof(type)); 631 if (ret < 0) 632 goto error; 633 634 description = strndup_user(_description, PAGE_SIZE); 635 if (IS_ERR(description)) { 636 ret = PTR_ERR(description); 637 goto error; 638 } 639 640 /* get the keyring at which to begin the search */ 641 keyring_ref = lookup_user_key(ringid, 0, KEY_SEARCH); 642 if (IS_ERR(keyring_ref)) { 643 ret = PTR_ERR(keyring_ref); 644 goto error2; 645 } 646 647 /* get the destination keyring if specified */ 648 dest_ref = NULL; 649 if (destringid) { 650 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 651 KEY_WRITE); 652 if (IS_ERR(dest_ref)) { 653 ret = PTR_ERR(dest_ref); 654 goto error3; 655 } 656 } 657 658 /* find the key type */ 659 ktype = key_type_lookup(type); 660 if (IS_ERR(ktype)) { 661 ret = PTR_ERR(ktype); 662 goto error4; 663 } 664 665 /* do the search */ 666 key_ref = keyring_search(keyring_ref, ktype, description); 667 if (IS_ERR(key_ref)) { 668 ret = PTR_ERR(key_ref); 669 670 /* treat lack or presence of a negative key the same */ 671 if (ret == -EAGAIN) 672 ret = -ENOKEY; 673 goto error5; 674 } 675 676 /* link the resulting key to the destination keyring if we can */ 677 if (dest_ref) { 678 ret = key_permission(key_ref, KEY_LINK); 679 if (ret < 0) 680 goto error6; 681 682 ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref)); 683 if (ret < 0) 684 goto error6; 685 } 686 687 ret = key_ref_to_ptr(key_ref)->serial; 688 689 error6: 690 key_ref_put(key_ref); 691 error5: 692 key_type_put(ktype); 693 error4: 694 key_ref_put(dest_ref); 695 error3: 696 key_ref_put(keyring_ref); 697 error2: 698 kfree(description); 699 error: 700 return ret; 701 } 702 703 /* 704 * Read a key's payload. 705 * 706 * The key must either grant the caller Read permission, or it must grant the 707 * caller Search permission when searched for from the process keyrings. 708 * 709 * If successful, we place up to buflen bytes of data into the buffer, if one 710 * is provided, and return the amount of data that is available in the key, 711 * irrespective of how much we copied into the buffer. 712 */ 713 long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) 714 { 715 struct key *key; 716 key_ref_t key_ref; 717 long ret; 718 719 /* find the key first */ 720 key_ref = lookup_user_key(keyid, 0, 0); 721 if (IS_ERR(key_ref)) { 722 ret = -ENOKEY; 723 goto error; 724 } 725 726 key = key_ref_to_ptr(key_ref); 727 728 /* see if we can read it directly */ 729 ret = key_permission(key_ref, KEY_READ); 730 if (ret == 0) 731 goto can_read_key; 732 if (ret != -EACCES) 733 goto error; 734 735 /* we can't; see if it's searchable from this process's keyrings 736 * - we automatically take account of the fact that it may be 737 * dangling off an instantiation key 738 */ 739 if (!is_key_possessed(key_ref)) { 740 ret = -EACCES; 741 goto error2; 742 } 743 744 /* the key is probably readable - now try to read it */ 745 can_read_key: 746 ret = key_validate(key); 747 if (ret == 0) { 748 ret = -EOPNOTSUPP; 749 if (key->type->read) { 750 /* read the data with the semaphore held (since we 751 * might sleep) */ 752 down_read(&key->sem); 753 ret = key->type->read(key, buffer, buflen); 754 up_read(&key->sem); 755 } 756 } 757 758 error2: 759 key_put(key); 760 error: 761 return ret; 762 } 763 764 /* 765 * Change the ownership of a key 766 * 767 * The key must grant the caller Setattr permission for this to work, though 768 * the key need not be fully instantiated yet. For the UID to be changed, or 769 * for the GID to be changed to a group the caller is not a member of, the 770 * caller must have sysadmin capability. If either uid or gid is -1 then that 771 * attribute is not changed. 772 * 773 * If the UID is to be changed, the new user must have sufficient quota to 774 * accept the key. The quota deduction will be removed from the old user to 775 * the new user should the attribute be changed. 776 * 777 * If successful, 0 will be returned. 778 */ 779 long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group) 780 { 781 struct key_user *newowner, *zapowner = NULL; 782 struct key *key; 783 key_ref_t key_ref; 784 long ret; 785 kuid_t uid; 786 kgid_t gid; 787 788 uid = make_kuid(current_user_ns(), user); 789 gid = make_kgid(current_user_ns(), group); 790 ret = -EINVAL; 791 if ((user != (uid_t) -1) && !uid_valid(uid)) 792 goto error; 793 if ((group != (gid_t) -1) && !gid_valid(gid)) 794 goto error; 795 796 ret = 0; 797 if (user == (uid_t) -1 && group == (gid_t) -1) 798 goto error; 799 800 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 801 KEY_SETATTR); 802 if (IS_ERR(key_ref)) { 803 ret = PTR_ERR(key_ref); 804 goto error; 805 } 806 807 key = key_ref_to_ptr(key_ref); 808 809 /* make the changes with the locks held to prevent chown/chown races */ 810 ret = -EACCES; 811 down_write(&key->sem); 812 813 if (!capable(CAP_SYS_ADMIN)) { 814 /* only the sysadmin can chown a key to some other UID */ 815 if (user != (uid_t) -1 && !uid_eq(key->uid, uid)) 816 goto error_put; 817 818 /* only the sysadmin can set the key's GID to a group other 819 * than one of those that the current process subscribes to */ 820 if (group != (gid_t) -1 && !gid_eq(gid, key->gid) && !in_group_p(gid)) 821 goto error_put; 822 } 823 824 /* change the UID */ 825 if (user != (uid_t) -1 && !uid_eq(uid, key->uid)) { 826 ret = -ENOMEM; 827 newowner = key_user_lookup(uid); 828 if (!newowner) 829 goto error_put; 830 831 /* transfer the quota burden to the new user */ 832 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { 833 unsigned maxkeys = uid_eq(uid, GLOBAL_ROOT_UID) ? 834 key_quota_root_maxkeys : key_quota_maxkeys; 835 unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ? 836 key_quota_root_maxbytes : key_quota_maxbytes; 837 838 spin_lock(&newowner->lock); 839 if (newowner->qnkeys + 1 >= maxkeys || 840 newowner->qnbytes + key->quotalen >= maxbytes || 841 newowner->qnbytes + key->quotalen < 842 newowner->qnbytes) 843 goto quota_overrun; 844 845 newowner->qnkeys++; 846 newowner->qnbytes += key->quotalen; 847 spin_unlock(&newowner->lock); 848 849 spin_lock(&key->user->lock); 850 key->user->qnkeys--; 851 key->user->qnbytes -= key->quotalen; 852 spin_unlock(&key->user->lock); 853 } 854 855 atomic_dec(&key->user->nkeys); 856 atomic_inc(&newowner->nkeys); 857 858 if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { 859 atomic_dec(&key->user->nikeys); 860 atomic_inc(&newowner->nikeys); 861 } 862 863 zapowner = key->user; 864 key->user = newowner; 865 key->uid = uid; 866 } 867 868 /* change the GID */ 869 if (group != (gid_t) -1) 870 key->gid = gid; 871 872 ret = 0; 873 874 error_put: 875 up_write(&key->sem); 876 key_put(key); 877 if (zapowner) 878 key_user_put(zapowner); 879 error: 880 return ret; 881 882 quota_overrun: 883 spin_unlock(&newowner->lock); 884 zapowner = newowner; 885 ret = -EDQUOT; 886 goto error_put; 887 } 888 889 /* 890 * Change the permission mask on a key. 891 * 892 * The key must grant the caller Setattr permission for this to work, though 893 * the key need not be fully instantiated yet. If the caller does not have 894 * sysadmin capability, it may only change the permission on keys that it owns. 895 */ 896 long keyctl_setperm_key(key_serial_t id, key_perm_t perm) 897 { 898 struct key *key; 899 key_ref_t key_ref; 900 long ret; 901 902 ret = -EINVAL; 903 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) 904 goto error; 905 906 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 907 KEY_SETATTR); 908 if (IS_ERR(key_ref)) { 909 ret = PTR_ERR(key_ref); 910 goto error; 911 } 912 913 key = key_ref_to_ptr(key_ref); 914 915 /* make the changes with the locks held to prevent chown/chmod races */ 916 ret = -EACCES; 917 down_write(&key->sem); 918 919 /* if we're not the sysadmin, we can only change a key that we own */ 920 if (capable(CAP_SYS_ADMIN) || uid_eq(key->uid, current_fsuid())) { 921 key->perm = perm; 922 ret = 0; 923 } 924 925 up_write(&key->sem); 926 key_put(key); 927 error: 928 return ret; 929 } 930 931 /* 932 * Get the destination keyring for instantiation and check that the caller has 933 * Write permission on it. 934 */ 935 static long get_instantiation_keyring(key_serial_t ringid, 936 struct request_key_auth *rka, 937 struct key **_dest_keyring) 938 { 939 key_ref_t dkref; 940 941 *_dest_keyring = NULL; 942 943 /* just return a NULL pointer if we weren't asked to make a link */ 944 if (ringid == 0) 945 return 0; 946 947 /* if a specific keyring is nominated by ID, then use that */ 948 if (ringid > 0) { 949 dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 950 if (IS_ERR(dkref)) 951 return PTR_ERR(dkref); 952 *_dest_keyring = key_ref_to_ptr(dkref); 953 return 0; 954 } 955 956 if (ringid == KEY_SPEC_REQKEY_AUTH_KEY) 957 return -EINVAL; 958 959 /* otherwise specify the destination keyring recorded in the 960 * authorisation key (any KEY_SPEC_*_KEYRING) */ 961 if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) { 962 *_dest_keyring = key_get(rka->dest_keyring); 963 return 0; 964 } 965 966 return -ENOKEY; 967 } 968 969 /* 970 * Change the request_key authorisation key on the current process. 971 */ 972 static int keyctl_change_reqkey_auth(struct key *key) 973 { 974 struct cred *new; 975 976 new = prepare_creds(); 977 if (!new) 978 return -ENOMEM; 979 980 key_put(new->request_key_auth); 981 new->request_key_auth = key_get(key); 982 983 return commit_creds(new); 984 } 985 986 /* 987 * Copy the iovec data from userspace 988 */ 989 static long copy_from_user_iovec(void *buffer, const struct iovec *iov, 990 unsigned ioc) 991 { 992 for (; ioc > 0; ioc--) { 993 if (copy_from_user(buffer, iov->iov_base, iov->iov_len) != 0) 994 return -EFAULT; 995 buffer += iov->iov_len; 996 iov++; 997 } 998 return 0; 999 } 1000 1001 /* 1002 * Instantiate a key with the specified payload and link the key into the 1003 * destination keyring if one is given. 1004 * 1005 * The caller must have the appropriate instantiation permit set for this to 1006 * work (see keyctl_assume_authority). No other permissions are required. 1007 * 1008 * If successful, 0 will be returned. 1009 */ 1010 long keyctl_instantiate_key_common(key_serial_t id, 1011 const struct iovec *payload_iov, 1012 unsigned ioc, 1013 size_t plen, 1014 key_serial_t ringid) 1015 { 1016 const struct cred *cred = current_cred(); 1017 struct request_key_auth *rka; 1018 struct key *instkey, *dest_keyring; 1019 void *payload; 1020 long ret; 1021 bool vm = false; 1022 1023 kenter("%d,,%zu,%d", id, plen, ringid); 1024 1025 ret = -EINVAL; 1026 if (plen > 1024 * 1024 - 1) 1027 goto error; 1028 1029 /* the appropriate instantiation authorisation key must have been 1030 * assumed before calling this */ 1031 ret = -EPERM; 1032 instkey = cred->request_key_auth; 1033 if (!instkey) 1034 goto error; 1035 1036 rka = instkey->payload.data; 1037 if (rka->target_key->serial != id) 1038 goto error; 1039 1040 /* pull the payload in if one was supplied */ 1041 payload = NULL; 1042 1043 if (payload_iov) { 1044 ret = -ENOMEM; 1045 payload = kmalloc(plen, GFP_KERNEL); 1046 if (!payload) { 1047 if (plen <= PAGE_SIZE) 1048 goto error; 1049 vm = true; 1050 payload = vmalloc(plen); 1051 if (!payload) 1052 goto error; 1053 } 1054 1055 ret = copy_from_user_iovec(payload, payload_iov, ioc); 1056 if (ret < 0) 1057 goto error2; 1058 } 1059 1060 /* find the destination keyring amongst those belonging to the 1061 * requesting task */ 1062 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1063 if (ret < 0) 1064 goto error2; 1065 1066 /* instantiate the key and link it into a keyring */ 1067 ret = key_instantiate_and_link(rka->target_key, payload, plen, 1068 dest_keyring, instkey); 1069 1070 key_put(dest_keyring); 1071 1072 /* discard the assumed authority if it's just been disabled by 1073 * instantiation of the key */ 1074 if (ret == 0) 1075 keyctl_change_reqkey_auth(NULL); 1076 1077 error2: 1078 if (!vm) 1079 kfree(payload); 1080 else 1081 vfree(payload); 1082 error: 1083 return ret; 1084 } 1085 1086 /* 1087 * Instantiate a key with the specified payload and link the key into the 1088 * destination keyring if one is given. 1089 * 1090 * The caller must have the appropriate instantiation permit set for this to 1091 * work (see keyctl_assume_authority). No other permissions are required. 1092 * 1093 * If successful, 0 will be returned. 1094 */ 1095 long keyctl_instantiate_key(key_serial_t id, 1096 const void __user *_payload, 1097 size_t plen, 1098 key_serial_t ringid) 1099 { 1100 if (_payload && plen) { 1101 struct iovec iov[1] = { 1102 [0].iov_base = (void __user *)_payload, 1103 [0].iov_len = plen 1104 }; 1105 1106 return keyctl_instantiate_key_common(id, iov, 1, plen, ringid); 1107 } 1108 1109 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); 1110 } 1111 1112 /* 1113 * Instantiate a key with the specified multipart payload and link the key into 1114 * the destination keyring if one is given. 1115 * 1116 * The caller must have the appropriate instantiation permit set for this to 1117 * work (see keyctl_assume_authority). No other permissions are required. 1118 * 1119 * If successful, 0 will be returned. 1120 */ 1121 long keyctl_instantiate_key_iov(key_serial_t id, 1122 const struct iovec __user *_payload_iov, 1123 unsigned ioc, 1124 key_serial_t ringid) 1125 { 1126 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack; 1127 long ret; 1128 1129 if (!_payload_iov || !ioc) 1130 goto no_payload; 1131 1132 ret = rw_copy_check_uvector(WRITE, _payload_iov, ioc, 1133 ARRAY_SIZE(iovstack), iovstack, &iov); 1134 if (ret < 0) 1135 goto err; 1136 if (ret == 0) 1137 goto no_payload_free; 1138 1139 ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid); 1140 err: 1141 if (iov != iovstack) 1142 kfree(iov); 1143 return ret; 1144 1145 no_payload_free: 1146 if (iov != iovstack) 1147 kfree(iov); 1148 no_payload: 1149 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); 1150 } 1151 1152 /* 1153 * Negatively instantiate the key with the given timeout (in seconds) and link 1154 * the key into the destination keyring if one is given. 1155 * 1156 * The caller must have the appropriate instantiation permit set for this to 1157 * work (see keyctl_assume_authority). No other permissions are required. 1158 * 1159 * The key and any links to the key will be automatically garbage collected 1160 * after the timeout expires. 1161 * 1162 * Negative keys are used to rate limit repeated request_key() calls by causing 1163 * them to return -ENOKEY until the negative key expires. 1164 * 1165 * If successful, 0 will be returned. 1166 */ 1167 long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 1168 { 1169 return keyctl_reject_key(id, timeout, ENOKEY, ringid); 1170 } 1171 1172 /* 1173 * Negatively instantiate the key with the given timeout (in seconds) and error 1174 * code and link the key into the destination keyring if one is given. 1175 * 1176 * The caller must have the appropriate instantiation permit set for this to 1177 * work (see keyctl_assume_authority). No other permissions are required. 1178 * 1179 * The key and any links to the key will be automatically garbage collected 1180 * after the timeout expires. 1181 * 1182 * Negative keys are used to rate limit repeated request_key() calls by causing 1183 * them to return the specified error code until the negative key expires. 1184 * 1185 * If successful, 0 will be returned. 1186 */ 1187 long keyctl_reject_key(key_serial_t id, unsigned timeout, unsigned error, 1188 key_serial_t ringid) 1189 { 1190 const struct cred *cred = current_cred(); 1191 struct request_key_auth *rka; 1192 struct key *instkey, *dest_keyring; 1193 long ret; 1194 1195 kenter("%d,%u,%u,%d", id, timeout, error, ringid); 1196 1197 /* must be a valid error code and mustn't be a kernel special */ 1198 if (error <= 0 || 1199 error >= MAX_ERRNO || 1200 error == ERESTARTSYS || 1201 error == ERESTARTNOINTR || 1202 error == ERESTARTNOHAND || 1203 error == ERESTART_RESTARTBLOCK) 1204 return -EINVAL; 1205 1206 /* the appropriate instantiation authorisation key must have been 1207 * assumed before calling this */ 1208 ret = -EPERM; 1209 instkey = cred->request_key_auth; 1210 if (!instkey) 1211 goto error; 1212 1213 rka = instkey->payload.data; 1214 if (rka->target_key->serial != id) 1215 goto error; 1216 1217 /* find the destination keyring if present (which must also be 1218 * writable) */ 1219 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1220 if (ret < 0) 1221 goto error; 1222 1223 /* instantiate the key and link it into a keyring */ 1224 ret = key_reject_and_link(rka->target_key, timeout, error, 1225 dest_keyring, instkey); 1226 1227 key_put(dest_keyring); 1228 1229 /* discard the assumed authority if it's just been disabled by 1230 * instantiation of the key */ 1231 if (ret == 0) 1232 keyctl_change_reqkey_auth(NULL); 1233 1234 error: 1235 return ret; 1236 } 1237 1238 /* 1239 * Read or set the default keyring in which request_key() will cache keys and 1240 * return the old setting. 1241 * 1242 * If a process keyring is specified then this will be created if it doesn't 1243 * yet exist. The old setting will be returned if successful. 1244 */ 1245 long keyctl_set_reqkey_keyring(int reqkey_defl) 1246 { 1247 struct cred *new; 1248 int ret, old_setting; 1249 1250 old_setting = current_cred_xxx(jit_keyring); 1251 1252 if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE) 1253 return old_setting; 1254 1255 new = prepare_creds(); 1256 if (!new) 1257 return -ENOMEM; 1258 1259 switch (reqkey_defl) { 1260 case KEY_REQKEY_DEFL_THREAD_KEYRING: 1261 ret = install_thread_keyring_to_cred(new); 1262 if (ret < 0) 1263 goto error; 1264 goto set; 1265 1266 case KEY_REQKEY_DEFL_PROCESS_KEYRING: 1267 ret = install_process_keyring_to_cred(new); 1268 if (ret < 0) { 1269 if (ret != -EEXIST) 1270 goto error; 1271 ret = 0; 1272 } 1273 goto set; 1274 1275 case KEY_REQKEY_DEFL_DEFAULT: 1276 case KEY_REQKEY_DEFL_SESSION_KEYRING: 1277 case KEY_REQKEY_DEFL_USER_KEYRING: 1278 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 1279 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: 1280 goto set; 1281 1282 case KEY_REQKEY_DEFL_NO_CHANGE: 1283 case KEY_REQKEY_DEFL_GROUP_KEYRING: 1284 default: 1285 ret = -EINVAL; 1286 goto error; 1287 } 1288 1289 set: 1290 new->jit_keyring = reqkey_defl; 1291 commit_creds(new); 1292 return old_setting; 1293 error: 1294 abort_creds(new); 1295 return ret; 1296 } 1297 1298 /* 1299 * Set or clear the timeout on a key. 1300 * 1301 * Either the key must grant the caller Setattr permission or else the caller 1302 * must hold an instantiation authorisation token for the key. 1303 * 1304 * The timeout is either 0 to clear the timeout, or a number of seconds from 1305 * the current time. The key and any links to the key will be automatically 1306 * garbage collected after the timeout expires. 1307 * 1308 * If successful, 0 is returned. 1309 */ 1310 long keyctl_set_timeout(key_serial_t id, unsigned timeout) 1311 { 1312 struct key *key, *instkey; 1313 key_ref_t key_ref; 1314 long ret; 1315 1316 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 1317 KEY_SETATTR); 1318 if (IS_ERR(key_ref)) { 1319 /* setting the timeout on a key under construction is permitted 1320 * if we have the authorisation token handy */ 1321 if (PTR_ERR(key_ref) == -EACCES) { 1322 instkey = key_get_instantiation_authkey(id); 1323 if (!IS_ERR(instkey)) { 1324 key_put(instkey); 1325 key_ref = lookup_user_key(id, 1326 KEY_LOOKUP_PARTIAL, 1327 0); 1328 if (!IS_ERR(key_ref)) 1329 goto okay; 1330 } 1331 } 1332 1333 ret = PTR_ERR(key_ref); 1334 goto error; 1335 } 1336 1337 okay: 1338 key = key_ref_to_ptr(key_ref); 1339 key_set_timeout(key, timeout); 1340 key_put(key); 1341 1342 ret = 0; 1343 error: 1344 return ret; 1345 } 1346 1347 /* 1348 * Assume (or clear) the authority to instantiate the specified key. 1349 * 1350 * This sets the authoritative token currently in force for key instantiation. 1351 * This must be done for a key to be instantiated. It has the effect of making 1352 * available all the keys from the caller of the request_key() that created a 1353 * key to request_key() calls made by the caller of this function. 1354 * 1355 * The caller must have the instantiation key in their process keyrings with a 1356 * Search permission grant available to the caller. 1357 * 1358 * If the ID given is 0, then the setting will be cleared and 0 returned. 1359 * 1360 * If the ID given has a matching an authorisation key, then that key will be 1361 * set and its ID will be returned. The authorisation key can be read to get 1362 * the callout information passed to request_key(). 1363 */ 1364 long keyctl_assume_authority(key_serial_t id) 1365 { 1366 struct key *authkey; 1367 long ret; 1368 1369 /* special key IDs aren't permitted */ 1370 ret = -EINVAL; 1371 if (id < 0) 1372 goto error; 1373 1374 /* we divest ourselves of authority if given an ID of 0 */ 1375 if (id == 0) { 1376 ret = keyctl_change_reqkey_auth(NULL); 1377 goto error; 1378 } 1379 1380 /* attempt to assume the authority temporarily granted to us whilst we 1381 * instantiate the specified key 1382 * - the authorisation key must be in the current task's keyrings 1383 * somewhere 1384 */ 1385 authkey = key_get_instantiation_authkey(id); 1386 if (IS_ERR(authkey)) { 1387 ret = PTR_ERR(authkey); 1388 goto error; 1389 } 1390 1391 ret = keyctl_change_reqkey_auth(authkey); 1392 if (ret < 0) 1393 goto error; 1394 key_put(authkey); 1395 1396 ret = authkey->serial; 1397 error: 1398 return ret; 1399 } 1400 1401 /* 1402 * Get a key's the LSM security label. 1403 * 1404 * The key must grant the caller View permission for this to work. 1405 * 1406 * If there's a buffer, then up to buflen bytes of data will be placed into it. 1407 * 1408 * If successful, the amount of information available will be returned, 1409 * irrespective of how much was copied (including the terminal NUL). 1410 */ 1411 long keyctl_get_security(key_serial_t keyid, 1412 char __user *buffer, 1413 size_t buflen) 1414 { 1415 struct key *key, *instkey; 1416 key_ref_t key_ref; 1417 char *context; 1418 long ret; 1419 1420 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW); 1421 if (IS_ERR(key_ref)) { 1422 if (PTR_ERR(key_ref) != -EACCES) 1423 return PTR_ERR(key_ref); 1424 1425 /* viewing a key under construction is also permitted if we 1426 * have the authorisation token handy */ 1427 instkey = key_get_instantiation_authkey(keyid); 1428 if (IS_ERR(instkey)) 1429 return PTR_ERR(instkey); 1430 key_put(instkey); 1431 1432 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0); 1433 if (IS_ERR(key_ref)) 1434 return PTR_ERR(key_ref); 1435 } 1436 1437 key = key_ref_to_ptr(key_ref); 1438 ret = security_key_getsecurity(key, &context); 1439 if (ret == 0) { 1440 /* if no information was returned, give userspace an empty 1441 * string */ 1442 ret = 1; 1443 if (buffer && buflen > 0 && 1444 copy_to_user(buffer, "", 1) != 0) 1445 ret = -EFAULT; 1446 } else if (ret > 0) { 1447 /* return as much data as there's room for */ 1448 if (buffer && buflen > 0) { 1449 if (buflen > ret) 1450 buflen = ret; 1451 1452 if (copy_to_user(buffer, context, buflen) != 0) 1453 ret = -EFAULT; 1454 } 1455 1456 kfree(context); 1457 } 1458 1459 key_ref_put(key_ref); 1460 return ret; 1461 } 1462 1463 /* 1464 * Attempt to install the calling process's session keyring on the process's 1465 * parent process. 1466 * 1467 * The keyring must exist and must grant the caller LINK permission, and the 1468 * parent process must be single-threaded and must have the same effective 1469 * ownership as this process and mustn't be SUID/SGID. 1470 * 1471 * The keyring will be emplaced on the parent when it next resumes userspace. 1472 * 1473 * If successful, 0 will be returned. 1474 */ 1475 long keyctl_session_to_parent(void) 1476 { 1477 struct task_struct *me, *parent; 1478 const struct cred *mycred, *pcred; 1479 struct callback_head *newwork, *oldwork; 1480 key_ref_t keyring_r; 1481 struct cred *cred; 1482 int ret; 1483 1484 keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK); 1485 if (IS_ERR(keyring_r)) 1486 return PTR_ERR(keyring_r); 1487 1488 ret = -ENOMEM; 1489 1490 /* our parent is going to need a new cred struct, a new tgcred struct 1491 * and new security data, so we allocate them here to prevent ENOMEM in 1492 * our parent */ 1493 cred = cred_alloc_blank(); 1494 if (!cred) 1495 goto error_keyring; 1496 newwork = &cred->rcu; 1497 1498 cred->session_keyring = key_ref_to_ptr(keyring_r); 1499 keyring_r = NULL; 1500 init_task_work(newwork, key_change_session_keyring); 1501 1502 me = current; 1503 rcu_read_lock(); 1504 write_lock_irq(&tasklist_lock); 1505 1506 ret = -EPERM; 1507 oldwork = NULL; 1508 parent = me->real_parent; 1509 1510 /* the parent mustn't be init and mustn't be a kernel thread */ 1511 if (parent->pid <= 1 || !parent->mm) 1512 goto unlock; 1513 1514 /* the parent must be single threaded */ 1515 if (!thread_group_empty(parent)) 1516 goto unlock; 1517 1518 /* the parent and the child must have different session keyrings or 1519 * there's no point */ 1520 mycred = current_cred(); 1521 pcred = __task_cred(parent); 1522 if (mycred == pcred || 1523 mycred->session_keyring == pcred->session_keyring) { 1524 ret = 0; 1525 goto unlock; 1526 } 1527 1528 /* the parent must have the same effective ownership and mustn't be 1529 * SUID/SGID */ 1530 if (!uid_eq(pcred->uid, mycred->euid) || 1531 !uid_eq(pcred->euid, mycred->euid) || 1532 !uid_eq(pcred->suid, mycred->euid) || 1533 !gid_eq(pcred->gid, mycred->egid) || 1534 !gid_eq(pcred->egid, mycred->egid) || 1535 !gid_eq(pcred->sgid, mycred->egid)) 1536 goto unlock; 1537 1538 /* the keyrings must have the same UID */ 1539 if ((pcred->session_keyring && 1540 !uid_eq(pcred->session_keyring->uid, mycred->euid)) || 1541 !uid_eq(mycred->session_keyring->uid, mycred->euid)) 1542 goto unlock; 1543 1544 /* cancel an already pending keyring replacement */ 1545 oldwork = task_work_cancel(parent, key_change_session_keyring); 1546 1547 /* the replacement session keyring is applied just prior to userspace 1548 * restarting */ 1549 ret = task_work_add(parent, newwork, true); 1550 if (!ret) 1551 newwork = NULL; 1552 unlock: 1553 write_unlock_irq(&tasklist_lock); 1554 rcu_read_unlock(); 1555 if (oldwork) 1556 put_cred(container_of(oldwork, struct cred, rcu)); 1557 if (newwork) 1558 put_cred(cred); 1559 return ret; 1560 1561 error_keyring: 1562 key_ref_put(keyring_r); 1563 return ret; 1564 } 1565 1566 /* 1567 * The key control system call 1568 */ 1569 SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, 1570 unsigned long, arg4, unsigned long, arg5) 1571 { 1572 switch (option) { 1573 case KEYCTL_GET_KEYRING_ID: 1574 return keyctl_get_keyring_ID((key_serial_t) arg2, 1575 (int) arg3); 1576 1577 case KEYCTL_JOIN_SESSION_KEYRING: 1578 return keyctl_join_session_keyring((const char __user *) arg2); 1579 1580 case KEYCTL_UPDATE: 1581 return keyctl_update_key((key_serial_t) arg2, 1582 (const void __user *) arg3, 1583 (size_t) arg4); 1584 1585 case KEYCTL_REVOKE: 1586 return keyctl_revoke_key((key_serial_t) arg2); 1587 1588 case KEYCTL_DESCRIBE: 1589 return keyctl_describe_key((key_serial_t) arg2, 1590 (char __user *) arg3, 1591 (unsigned) arg4); 1592 1593 case KEYCTL_CLEAR: 1594 return keyctl_keyring_clear((key_serial_t) arg2); 1595 1596 case KEYCTL_LINK: 1597 return keyctl_keyring_link((key_serial_t) arg2, 1598 (key_serial_t) arg3); 1599 1600 case KEYCTL_UNLINK: 1601 return keyctl_keyring_unlink((key_serial_t) arg2, 1602 (key_serial_t) arg3); 1603 1604 case KEYCTL_SEARCH: 1605 return keyctl_keyring_search((key_serial_t) arg2, 1606 (const char __user *) arg3, 1607 (const char __user *) arg4, 1608 (key_serial_t) arg5); 1609 1610 case KEYCTL_READ: 1611 return keyctl_read_key((key_serial_t) arg2, 1612 (char __user *) arg3, 1613 (size_t) arg4); 1614 1615 case KEYCTL_CHOWN: 1616 return keyctl_chown_key((key_serial_t) arg2, 1617 (uid_t) arg3, 1618 (gid_t) arg4); 1619 1620 case KEYCTL_SETPERM: 1621 return keyctl_setperm_key((key_serial_t) arg2, 1622 (key_perm_t) arg3); 1623 1624 case KEYCTL_INSTANTIATE: 1625 return keyctl_instantiate_key((key_serial_t) arg2, 1626 (const void __user *) arg3, 1627 (size_t) arg4, 1628 (key_serial_t) arg5); 1629 1630 case KEYCTL_NEGATE: 1631 return keyctl_negate_key((key_serial_t) arg2, 1632 (unsigned) arg3, 1633 (key_serial_t) arg4); 1634 1635 case KEYCTL_SET_REQKEY_KEYRING: 1636 return keyctl_set_reqkey_keyring(arg2); 1637 1638 case KEYCTL_SET_TIMEOUT: 1639 return keyctl_set_timeout((key_serial_t) arg2, 1640 (unsigned) arg3); 1641 1642 case KEYCTL_ASSUME_AUTHORITY: 1643 return keyctl_assume_authority((key_serial_t) arg2); 1644 1645 case KEYCTL_GET_SECURITY: 1646 return keyctl_get_security((key_serial_t) arg2, 1647 (char __user *) arg3, 1648 (size_t) arg4); 1649 1650 case KEYCTL_SESSION_TO_PARENT: 1651 return keyctl_session_to_parent(); 1652 1653 case KEYCTL_REJECT: 1654 return keyctl_reject_key((key_serial_t) arg2, 1655 (unsigned) arg3, 1656 (unsigned) arg4, 1657 (key_serial_t) arg5); 1658 1659 case KEYCTL_INSTANTIATE_IOV: 1660 return keyctl_instantiate_key_iov( 1661 (key_serial_t) arg2, 1662 (const struct iovec __user *) arg3, 1663 (unsigned) arg4, 1664 (key_serial_t) arg5); 1665 1666 case KEYCTL_INVALIDATE: 1667 return keyctl_invalidate_key((key_serial_t) arg2); 1668 1669 default: 1670 return -EOPNOTSUPP; 1671 } 1672 } 1673